[dns-operations] Defending against DNS reflection amplification attacks

Vernon Schryver vjs at rhyolite.com
Fri Feb 22 19:11:42 UTC 2013


> From: Joe Abley <jabley at hopcount.ca>

> If you can describe BCP38 deployment in a non-trivial network such
> that deployment is to the benefit of shareholders and non-deployment
> is not, I'm all ears. Absent regulation and punitive fines for
> non-compliance, I don't see it.

Civil lawsuits by victims of DNS reflection and other attacks that
depend on failures to deploy BCP38 might help convince boards of
directors.  It might help to take up a collection to help pay the
legal fees a victim sueing one of those non-trivial networks.
I've the vague impression that kind of fund raising is illegal.

I've learned to avoid using the word "fine" in a different but related
context.  I have long claimed that ESPs (bulk mailer for hire) could
practically stop the large amounts of unsolicited bulk email that they
send by fining their customers with dirty target lists.  A $100 fine
for each spam complaint verified by the ESP (maybe only after the 5th
complaint and maybe capped at $5,000) would practically stop the ESP
spam sent toward my personal mailbox and to my spam traps feeding DCC.
A representative of a major ESP insisted in public that my claim
is nonsense, because it is "illegal (sic)" for an ESP to fine its
customers.  Because ESPs are private enterprises, that might be
literally true.  It's also a lie because ESPs could say "cleanup
fee" or "spam complaint processing fee" instead of "fine" without
reducing the disincentive for purchased, harvested, "re-purposed,"
or other dirty mailboxes in target lists.


Vernon Schryver    vjs at rhyolite.com



More information about the dns-operations mailing list